Companies are increasingly allowing employees to access sensitive corporate data on the employee's mobile device. Historically, security of such devices has revolved around device based security where security policies are downloaded to a device. A security agent will constantly scan the device for applications, and determine a security policy based on the applications loaded onto the device. This type of device based security was provided by mobile device management (“MDM”) players like Afaria, MobileIron, and Zenprise, and was well-adapted for company procured mobile devices.
With increasingly popular “bring your own device” policies, employees are allowed to use their personal mobile devices to access sensitive corporate data. Such policies eliminate the need for employees to have a corporate device, in addition to their personal mobile device, in order to access sensitive corporate data. However, even with a bring your own device policy, companies still wish to protect sensitive corporate data. Unfortunately, device based security models do not distinguish between company data and personal data, and personal data may become locked up or lost along with enterprise data, depending on the device based security policies. Consequently, with the proliferation of employee owned devices through “bring your own device” policies, there is a need to separate personal data from corporate data in order to apply appropriate mobile device security settings.
There are some solutions that address the need to separate personal data from enterprise data when securing an employee's mobile device. These solutions may provide application based security, wherein applications are embedded at compilation time with a security wrapper that decides the security policies for the application. Such solutions are referred to as Mobile Application Management (“MAM”). However, the MAM approach requires a developer to use a proprietary software development kit (“SDK”) or library to compile the application in order to ensure that the security wrapper and policy are built into the application at run time. Many organizations have difficulties with this MAM approach because it ties them to a particular vendor associated with the proprietary SDK or library. Additionally, every time the security wrapper needs to be updated with additional or modified security policies, the application will need to be recompiled.
Accordingly, there exists a need to build security during application upload that obviates the need for either a proprietary wrapper or a library, and is thereby vendor independent.